Citizens' Protection in Federal Databases Act Introduced

SewersOfRivendell writes "Quote from http://boingboing.net/: 'EFF, EPIC, CDT, ACLU and Free Congress have drafted a bill that's been introduced by Senator Wyden today, for a new law called "The Citizens' Protection in Federal Databases Act." This is a hell of a law. It finds that various species of spooks are making avid use of commercial and governmental databases, merging them and aggregating them, without transparency, accountability, or any real understanding of the danger to civil liberties involved in this practice. Accordingly, it requires any Fed agency using non-Fed databases to cut it out and make a full report to Congress on who they're buying database and database-services from, what they're doing to preserve privacy, why they're doing what they're doing, and whether they actually have a realistic chance of catching any bad guys. And it calls into account Feds who abuse their authority and limits the kind of doomsday hypotheticals that can be used to justify such abuse.' PDF draft of the bill here."

Better link ...?

[Arthaed]

I am looking at Senator Ron Wyden's website right now and I don't see anything mentioning this possible bill. Hmmmm. Does anyone have a link to a .gov version of this so called bill?

Accountability?

[Empiric]

The "accountability" thing is going to be quite a trick. This is the same government, after all, whose own GAO (General Accounting Office) concluded that government agency accounting is so bad, there's no way they can determine how much the government is actually spending--and that if this degree of lax accounting was taking place in a private corporation, the owners would face legal action.

Likely responses...

• cut it out - "Ok, whatever you say."
  
• make a full report to Congress - "We ran MySQL. But we stopped, umkay?"
  
• what they're doing to preserve privacy - "We have self signed SSL certificates for our intranet."
  
• why they're doing what they're doing - "To protect and serve."
  
• whether they actually have a realistic chance of catching any bad guys - "Yep. Those bad guys never stood a chance...umkay?"

Obviously..

[grub]

It's obvious that the EFF, EPIC, CDT, ACLU, Free Congress and Senator Wyden are terrorist sympathizers

A good start

[thomas.galvin]

This is a good start. Now, what can we do about all of the non-government entites that are doing the same thing?

Re:A good start

[SecGreen]

Buy stock in them, since if the government isn't allowed to collect and analyze the data, they will simply outsource the analysis to the private companies who aren't subject to the new law.

Bill Is Not Going to Happen

[Valence_99]

Spooks have to justify what they are doing? It will be a cold day in Hell before, unfortunately its still summertime

Interesting law

[chrisgeleven]

Question is, how likely is it that it will pass or even come up for a vote?

Whoa, this is bad

[helix400]

Where I work, our job is to collect *public* information in government databases. We make it possible so people can research a property in just a minutes, rather than a few hours.

According to the ACLU, because I'm consolidating public information, I'm a national security threat. I should also be forced to submit to even more beaurocratic loopholes to get data that's already public, or be stopped from accessing to much public data to begin with. And I thought the ACLU was all about personal freedom and open governments

What I want to see

[Dachannien]

I'd like to see some corporate accountability added into those sorts of databases. I want to be able to walk into the front door at Citibank and say, give me a printout on all the information you have on me.

Then I want to be able to read the printout, walk back up to the desk, and say, Okay, now delete it. All of it.

Re:What I want to see

[Zathrus]

Fine. As long as you understand that they then have the right to say "Certainly sir. And how would you like to pay your outstanding mortgage balance of $235702.46?"

Or to give you whatever money of yours they have, or do whatever's necessary to sever all financial ties with you immediately.

You're not a customer? Then they're not going to have crap for information on you. They may send you solicitations, but that information is acquired from the credit bureau. You can tell Citibank to be put on their do not solicit list, and then your data will get flushed early in the process whenever it gets pulled from the bureaus. Yes, I've worked in this field, doing this exact thing. If you don't want your data to be sold by the bureaus, you can request that from the bureaus as well. There are three major ones (Equifax, Experian, Trans Union) and a few hundred thousand small ones (all of whom feed the big three).

You don't actually expect a company to do business with you if they're not allowed to keep records, right? Might I suggest you do some research into how godawful the banking industry was prior to the introduction of the credit bureaus? Think "Good Ole Boys Network" and you'll have a start on it... but it was considerably worse.

I'm not saying that some additional protections on consumer privacy shouldn't be in place (as a bare minimum everyone should be entitled to viewing their own credit report on demand, for no more than cost of mailing or free online). And I'm also not saying that the pendulum hasn't swung too far in the wrong direction (the law a couple years ago allowing companies unprecedented sharing of consumer information went way too far). But anyone who makes statements like that generally has no clue how the financial system, particularly the credit portion of it, actually works.

What's the limit for?

The Attorney General, the Secretary of Defense, the Secretary of Homeland Security, the Secretary of the Treasury, the Director of Central Intelligence, and the Director of the Federal Bureau of Investigation shall each prepare...

All of the other agencies, particularly the Department of Commerce and it's Bureau of the Census, utilize numerous public databases in the process of their daily work. Why not include reports from them too?

Re:What's the limit for?

[leerpm]

Because when the Bureau of the Census screws up the information in their database for an individual, it makes narry a blip in their aggregrate stats. When the FBI screws this up, you may have agents busting your door down for no legitimate reason other than the computer says you may have links to terrorism.

Thanks for the EFF and ACLU

[joelparker]

Please realize that the bill is VERY useful,
even it fails: the bill encourages dicussion.

ACLU and EFF members will learn more.
The media will write about it, and learn more.

And Congresspeople will read it,
or have their staffers research it,
and maybe learn something.

I thank the EFF and ACLU for this.
And I donate to both of them.

Cheers, Joel

Whoops, its only federal

[helix400]

My mistake, this bill only applies to the federal government, not for average private citizens like me.

However, because Slashdotters never like to admit total defeat, I'd like to pose the question. Do you think the the ACLU is still opposed to private citizens like me consolidating so many public government databases about individual people and properties?

It's just a draft

[Motherfucking+Shit]

This probably won't be on any .gov sites yet as it hasn't been introduced... It's just a draft. If you check the PDF, the date of presentation is still blank.

I'd keep an eye on Thomas over the next week or so. Once it's been read on the floor, it'll wind up there.

Re:It's just a draft

[Frobnicator]

This probably won't be on any .gov sites yet as it hasn't been introduced

Who moderated that thing up to informative? It specifically says "introduced by Senator Wyden today" so of course it isn't on Thomas records yet -- it takes at least 1 day for that. The ACLU has Their announcement up though.

Found the links I needed.

[James+A.+A.+Joyce]

This article, while not specific to the topic I mentioned, did have a specific quote which describes exactly what I was trying to explain:

"Just by knowing the birth date and ZIP code of the governor of Massachusetts, Latanya Sweeney, a computer-privacy researcher at Carnegie Mellon University, was able to retrieve his health records from a supposedly anonymous database of state employee health-insurance claims. Sweeney also demonstrated that she could do the same for 69 percent of the 54,805 people on the voting list of Cambridge, Mass."

This is from another article, reprinted from Newsweek :

"...don't get complacent: anonymity is hard to achieve. Where once a company needed a name, address, phone number, or Social Security number to identify a person, database technology has made that unnecessary. "Eighty-seven percent of the population of the US can be uniquely identified [only] by their date of birth, gender, and five-digit zip code," says Latanya Sweeney, ALB '95 assistant professor of computer science and public policy at Carnegie Mellon University in Pittsburgh."

And finally, from Dr. Latanya Sweeney's CV itself:

"Recent work includes:

* Identifiability server -- a computational system that determines the identifiability of given data sets and/or of individuals in the United States based on either field descriptions of the data set or on actual data values. For example, combinations of values such as {date of birth, gender, 5-digit ZIP} combine to uniquely identify 87% of the population in the United States."

Good.

[softspokenrevolution]

Simply letting federal agencies run around and spy on people simply because they can doesn't seem to be the best idea for a country based on freedom and all of that jazz. Accountability is what keeps things from going bad to worse, look at dictatorships all over the planet, when people aren't held accountable for their actions they go to extremes. Americans or not, I don't fel very secure when someone can peer into any old asset of my life without asking my permission or without being checked in some fashion. I for one, feel more threatened by the current way the administration is going in regards to policy (foreign, fiscal, energy, environmental, copyright, and pretty everything else) than I do by any terrorist threat (then again, like 90% of americans I don't live in a threatened area, I likve in the 'burbs, well, the sort of burbs).

Read the law, visit senate.gov, and make it a law.

[Frobnicator]

The law is tiny (1500 words, smaller than many /. articles) and is easy to understand.

If everyone on /. would just spend 2 minutes we could get this passed.

1. Click here to go to senate.gov.
2. Pick your state from the list.
3. Click on both of your senator's e-mail contact links, each link opens a new window.
4. Fill out your name and address in the form, then paste the following:

   Senator [ senator's name],
   I am a citizen of [your state] who is concerned about my rights. A bill was proposed today by Mr. Wyden with the short title "CITIZENS' PROTECTION IN FEDERAL DATABASES ACT".
   The bill is simple and easy to understand. It improves our security and will improve our ability to fight terrorism, which you have stated is your goal.
   I urge you to SUPPORT this bill.
   [your name]

Fill in the blanks, and get this passed! The statement about it improving security is true, and since it's the big thing in congress lately, they want to do everything to help that out.

frob